[PATCH v3] staging: gdm724x: Fix DMA from stack

[PATCH v3] staging: gdm724x: Fix DMA from stack

[Amey Narkhede]

Stack allocated buffers cannot be used for DMA
on all architectures so allocate hci_packet buffer
using kmalloc.

Signed-off-by: Amey Narkhede <ameynarkhede03@gmail.com>
---
Changes in v3:
	- Remove superfluous buf pointer
	- Reduce size of allocation of hci_packet to match number of
	bytes used for DMA

 drivers/staging/gdm724x/gdm_usb.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
index dc4da66c3..80c58a3ef 100644
--- a/drivers/staging/gdm724x/gdm_usb.c
+++ b/drivers/staging/gdm724x/gdm_usb.c
@@ -56,20 +56,24 @@ static int gdm_usb_recv(void *priv_dev,

 static int request_mac_address(struct lte_udev *udev)
 {
-	u8 buf[16] = {0,};
-	struct hci_packet *hci = (struct hci_packet *)buf;
+	struct hci_packet *hci;
 	struct usb_device *usbdev = udev->usbdev;
 	int actual;
 	int ret = -1;

+	hci = kmalloc(5, GFP_KERNEL);
+	if (!hci)
+		return -ENOMEM;
+
 	hci->cmd_evt = gdm_cpu_to_dev16(udev->gdm_ed, LTE_GET_INFORMATION);
 	hci->len = gdm_cpu_to_dev16(udev->gdm_ed, 1);
 	hci->data[0] = MAC_ADDRESS;

-	ret = usb_bulk_msg(usbdev, usb_sndbulkpipe(usbdev, 2), buf, 5,
+	ret = usb_bulk_msg(usbdev, usb_sndbulkpipe(usbdev, 2), &hci, 5,
 			   &actual, 1000);

 	udev->request_mac_addr = 1;
+	kfree(hci);

 	return ret;
 }
--
2.30.1

[PATCH v3] staging: gdm724x: Fix DMA from stack

[Amey Narkhede]

Stack allocated buffers cannot be used for DMA
on all architectures so allocate hci_packet buffer
using kmalloc.

Signed-off-by: Amey Narkhede <ameynarkhede03@gmail.com>
---
Changes in v3:
	- Remove superfluous buf pointer
	- Reduce size of allocation of hci_packet to match number of
	bytes used for DMA

 drivers/staging/gdm724x/gdm_usb.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
index dc4da66c3..80c58a3ef 100644
--- a/drivers/staging/gdm724x/gdm_usb.c
+++ b/drivers/staging/gdm724x/gdm_usb.c
@@ -56,20 +56,24 @@ static int gdm_usb_recv(void *priv_dev,

 static int request_mac_address(struct lte_udev *udev)
 {
-	u8 buf[16] = {0,};
-	struct hci_packet *hci = (struct hci_packet *)buf;
+	struct hci_packet *hci;
 	struct usb_device *usbdev = udev->usbdev;
 	int actual;
 	int ret = -1;

+	hci = kmalloc(5, GFP_KERNEL);
+	if (!hci)
+		return -ENOMEM;
+
 	hci->cmd_evt = gdm_cpu_to_dev16(udev->gdm_ed, LTE_GET_INFORMATION);
 	hci->len = gdm_cpu_to_dev16(udev->gdm_ed, 1);
 	hci->data[0] = MAC_ADDRESS;

-	ret = usb_bulk_msg(usbdev, usb_sndbulkpipe(usbdev, 2), buf, 5,
+	ret = usb_bulk_msg(usbdev, usb_sndbulkpipe(usbdev, 2), &hci, 5,
 			   &actual, 1000);

 	udev->request_mac_addr = 1;
+	kfree(hci);

 	return ret;
 }
--
2.30.1
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

Re: [PATCH v3] staging: gdm724x: Fix DMA from stack

[Greg KH]

On Wed, Feb 10, 2021 at 07:55:12PM +0530, Amey Narkhede wrote:
> Stack allocated buffers cannot be used for DMA
> on all architectures so allocate hci_packet buffer
> using kmalloc.
> 
> Signed-off-by: Amey Narkhede <ameynarkhede03@gmail.com>
> ---
> Changes in v3:
> 	- Remove superfluous buf pointer
> 	- Reduce size of allocation of hci_packet to match number of
> 	bytes used for DMA
> 
>  drivers/staging/gdm724x/gdm_usb.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
> index dc4da66c3..80c58a3ef 100644
> --- a/drivers/staging/gdm724x/gdm_usb.c
> +++ b/drivers/staging/gdm724x/gdm_usb.c
> @@ -56,20 +56,24 @@ static int gdm_usb_recv(void *priv_dev,
> 
>  static int request_mac_address(struct lte_udev *udev)
>  {
> -	u8 buf[16] = {0,};
> -	struct hci_packet *hci = (struct hci_packet *)buf;
> +	struct hci_packet *hci;
>  	struct usb_device *usbdev = udev->usbdev;
>  	int actual;
>  	int ret = -1;
> 
> +	hci = kmalloc(5, GFP_KERNEL);

Why "5" and not:
	hci = kmalloc(sizeof(*hci), GFP_KERNEL);
?

thanks,

greg k-h

Re: [PATCH v3] staging: gdm724x: Fix DMA from stack

[Greg KH]

On Wed, Feb 10, 2021 at 07:55:12PM +0530, Amey Narkhede wrote:
> Stack allocated buffers cannot be used for DMA
> on all architectures so allocate hci_packet buffer
> using kmalloc.
> 
> Signed-off-by: Amey Narkhede <ameynarkhede03@gmail.com>
> ---
> Changes in v3:
> 	- Remove superfluous buf pointer
> 	- Reduce size of allocation of hci_packet to match number of
> 	bytes used for DMA
> 
>  drivers/staging/gdm724x/gdm_usb.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
> index dc4da66c3..80c58a3ef 100644
> --- a/drivers/staging/gdm724x/gdm_usb.c
> +++ b/drivers/staging/gdm724x/gdm_usb.c
> @@ -56,20 +56,24 @@ static int gdm_usb_recv(void *priv_dev,
> 
>  static int request_mac_address(struct lte_udev *udev)
>  {
> -	u8 buf[16] = {0,};
> -	struct hci_packet *hci = (struct hci_packet *)buf;
> +	struct hci_packet *hci;
>  	struct usb_device *usbdev = udev->usbdev;
>  	int actual;
>  	int ret = -1;
> 
> +	hci = kmalloc(5, GFP_KERNEL);

Why "5" and not:
	hci = kmalloc(sizeof(*hci), GFP_KERNEL);
?

thanks,

greg k-h
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

Re: [PATCH v3] staging: gdm724x: Fix DMA from stack

[Amey Narkhede]

[-- Attachment #1: Type: text/plain, Size: 1300 bytes --]

On 21/02/10 03:55PM, Greg KH wrote:
> On Wed, Feb 10, 2021 at 07:55:12PM +0530, Amey Narkhede wrote:
> > Stack allocated buffers cannot be used for DMA
> > on all architectures so allocate hci_packet buffer
> > using kmalloc.
> >
> > Signed-off-by: Amey Narkhede <ameynarkhede03@gmail.com>
> > ---
> > Changes in v3:
> > 	- Remove superfluous buf pointer
> > 	- Reduce size of allocation of hci_packet to match number of
> > 	bytes used for DMA
> >
> >  drivers/staging/gdm724x/gdm_usb.c | 10 +++++++---
> >  1 file changed, 7 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
> > index dc4da66c3..80c58a3ef 100644
> > --- a/drivers/staging/gdm724x/gdm_usb.c
> > +++ b/drivers/staging/gdm724x/gdm_usb.c
> > @@ -56,20 +56,24 @@ static int gdm_usb_recv(void *priv_dev,
> >
> >  static int request_mac_address(struct lte_udev *udev)
> >  {
> > -	u8 buf[16] = {0,};
> > -	struct hci_packet *hci = (struct hci_packet *)buf;
> > +	struct hci_packet *hci;
> >  	struct usb_device *usbdev = udev->usbdev;
> >  	int actual;
> >  	int ret = -1;
> >
> > +	hci = kmalloc(5, GFP_KERNEL);
>
> Why "5" and not:
> 	hci = kmalloc(sizeof(*hci), GFP_KERNEL);
> ?
>
> thanks,
>
> greg k-h
I really need a cup of coffee :)
I'll send v4

Thanks,
Amey

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3] staging: gdm724x: Fix DMA from stack

[Amey Narkhede]

[-- Attachment #1.1: Type: text/plain, Size: 1300 bytes --]

On 21/02/10 03:55PM, Greg KH wrote:
> On Wed, Feb 10, 2021 at 07:55:12PM +0530, Amey Narkhede wrote:
> > Stack allocated buffers cannot be used for DMA
> > on all architectures so allocate hci_packet buffer
> > using kmalloc.
> >
> > Signed-off-by: Amey Narkhede <ameynarkhede03@gmail.com>
> > ---
> > Changes in v3:
> > 	- Remove superfluous buf pointer
> > 	- Reduce size of allocation of hci_packet to match number of
> > 	bytes used for DMA
> >
> >  drivers/staging/gdm724x/gdm_usb.c | 10 +++++++---
> >  1 file changed, 7 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
> > index dc4da66c3..80c58a3ef 100644
> > --- a/drivers/staging/gdm724x/gdm_usb.c
> > +++ b/drivers/staging/gdm724x/gdm_usb.c
> > @@ -56,20 +56,24 @@ static int gdm_usb_recv(void *priv_dev,
> >
> >  static int request_mac_address(struct lte_udev *udev)
> >  {
> > -	u8 buf[16] = {0,};
> > -	struct hci_packet *hci = (struct hci_packet *)buf;
> > +	struct hci_packet *hci;
> >  	struct usb_device *usbdev = udev->usbdev;
> >  	int actual;
> >  	int ret = -1;
> >
> > +	hci = kmalloc(5, GFP_KERNEL);
>
> Why "5" and not:
> 	hci = kmalloc(sizeof(*hci), GFP_KERNEL);
> ?
>
> thanks,
>
> greg k-h
I really need a cup of coffee :)
I'll send v4

Thanks,
Amey

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

[-- Attachment #2: Type: text/plain, Size: 169 bytes --]

_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

Re: [PATCH v3] staging: gdm724x: Fix DMA from stack

[Dan Carpenter]

On Wed, Feb 10, 2021 at 08:31:33PM +0530, Amey Narkhede wrote:
> On 21/02/10 03:55PM, Greg KH wrote:
> > On Wed, Feb 10, 2021 at 07:55:12PM +0530, Amey Narkhede wrote:
> > > Stack allocated buffers cannot be used for DMA
> > > on all architectures so allocate hci_packet buffer
> > > using kmalloc.
> > >
> > > Signed-off-by: Amey Narkhede <ameynarkhede03@gmail.com>
> > > ---
> > > Changes in v3:
> > > 	- Remove superfluous buf pointer
> > > 	- Reduce size of allocation of hci_packet to match number of
> > > 	bytes used for DMA
> > >
> > >  drivers/staging/gdm724x/gdm_usb.c | 10 +++++++---
> > >  1 file changed, 7 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
> > > index dc4da66c3..80c58a3ef 100644
> > > --- a/drivers/staging/gdm724x/gdm_usb.c
> > > +++ b/drivers/staging/gdm724x/gdm_usb.c
> > > @@ -56,20 +56,24 @@ static int gdm_usb_recv(void *priv_dev,
> > >
> > >  static int request_mac_address(struct lte_udev *udev)
> > >  {
> > > -	u8 buf[16] = {0,};
> > > -	struct hci_packet *hci = (struct hci_packet *)buf;
> > > +	struct hci_packet *hci;
> > >  	struct usb_device *usbdev = udev->usbdev;
> > >  	int actual;
> > >  	int ret = -1;
> > >
> > > +	hci = kmalloc(5, GFP_KERNEL);
> >
> > Why "5" and not:
> > 	hci = kmalloc(sizeof(*hci), GFP_KERNEL);

5 is correct and sizeof(*hci) is 4.  The hci struct ends in a zero
element array.  You could do:

	hci = kmalloc(struct_size(hci, data, 1), GFP_KERNEL);

I'm not sure it's more readable.  But you still will have to resend
because the patch passes "&hci" to usb_bulk_msg() instead of "hci" so it
will corrupt memory.

I always encourage people to write the patch and then sit on it over
night and send it the next day.

regards,
dan carpenter

Re: [PATCH v3] staging: gdm724x: Fix DMA from stack

[Dan Carpenter]

On Wed, Feb 10, 2021 at 08:31:33PM +0530, Amey Narkhede wrote:
> On 21/02/10 03:55PM, Greg KH wrote:
> > On Wed, Feb 10, 2021 at 07:55:12PM +0530, Amey Narkhede wrote:
> > > Stack allocated buffers cannot be used for DMA
> > > on all architectures so allocate hci_packet buffer
> > > using kmalloc.
> > >
> > > Signed-off-by: Amey Narkhede <ameynarkhede03@gmail.com>
> > > ---
> > > Changes in v3:
> > > 	- Remove superfluous buf pointer
> > > 	- Reduce size of allocation of hci_packet to match number of
> > > 	bytes used for DMA
> > >
> > >  drivers/staging/gdm724x/gdm_usb.c | 10 +++++++---
> > >  1 file changed, 7 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
> > > index dc4da66c3..80c58a3ef 100644
> > > --- a/drivers/staging/gdm724x/gdm_usb.c
> > > +++ b/drivers/staging/gdm724x/gdm_usb.c
> > > @@ -56,20 +56,24 @@ static int gdm_usb_recv(void *priv_dev,
> > >
> > >  static int request_mac_address(struct lte_udev *udev)
> > >  {
> > > -	u8 buf[16] = {0,};
> > > -	struct hci_packet *hci = (struct hci_packet *)buf;
> > > +	struct hci_packet *hci;
> > >  	struct usb_device *usbdev = udev->usbdev;
> > >  	int actual;
> > >  	int ret = -1;
> > >
> > > +	hci = kmalloc(5, GFP_KERNEL);
> >
> > Why "5" and not:
> > 	hci = kmalloc(sizeof(*hci), GFP_KERNEL);

5 is correct and sizeof(*hci) is 4.  The hci struct ends in a zero
element array.  You could do:

	hci = kmalloc(struct_size(hci, data, 1), GFP_KERNEL);

I'm not sure it's more readable.  But you still will have to resend
because the patch passes "&hci" to usb_bulk_msg() instead of "hci" so it
will corrupt memory.

I always encourage people to write the patch and then sit on it over
night and send it the next day.

regards,
dan carpenter

_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

Re: [PATCH v3] staging: gdm724x: Fix DMA from stack

[Amey Narkhede]

[-- Attachment #1: Type: text/plain, Size: 2068 bytes --]

On 21/02/10 06:19PM, Dan Carpenter wrote:
> On Wed, Feb 10, 2021 at 08:31:33PM +0530, Amey Narkhede wrote:
> > On 21/02/10 03:55PM, Greg KH wrote:
> > > On Wed, Feb 10, 2021 at 07:55:12PM +0530, Amey Narkhede wrote:
> > > > Stack allocated buffers cannot be used for DMA
> > > > on all architectures so allocate hci_packet buffer
> > > > using kmalloc.
> > > >
> > > > Signed-off-by: Amey Narkhede <ameynarkhede03@gmail.com>
> > > > ---
> > > > Changes in v3:
> > > > 	- Remove superfluous buf pointer
> > > > 	- Reduce size of allocation of hci_packet to match number of
> > > > 	bytes used for DMA
> > > >
> > > >  drivers/staging/gdm724x/gdm_usb.c | 10 +++++++---
> > > >  1 file changed, 7 insertions(+), 3 deletions(-)
> > > >
> > > > diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
> > > > index dc4da66c3..80c58a3ef 100644
> > > > --- a/drivers/staging/gdm724x/gdm_usb.c
> > > > +++ b/drivers/staging/gdm724x/gdm_usb.c
> > > > @@ -56,20 +56,24 @@ static int gdm_usb_recv(void *priv_dev,
> > > >
> > > >  static int request_mac_address(struct lte_udev *udev)
> > > >  {
> > > > -	u8 buf[16] = {0,};
> > > > -	struct hci_packet *hci = (struct hci_packet *)buf;
> > > > +	struct hci_packet *hci;
> > > >  	struct usb_device *usbdev = udev->usbdev;
> > > >  	int actual;
> > > >  	int ret = -1;
> > > >
> > > > +	hci = kmalloc(5, GFP_KERNEL);
> > >
> > > Why "5" and not:
> > > 	hci = kmalloc(sizeof(*hci), GFP_KERNEL);
>
> 5 is correct and sizeof(*hci) is 4.  The hci struct ends in a zero
> element array.  You could do:
>
> 	hci = kmalloc(struct_size(hci, data, 1), GFP_KERNEL);
>
> I'm not sure it's more readable.  But you still will have to resend
> because the patch passes "&hci" to usb_bulk_msg() instead of "hci" so it
> will corrupt memory.
>
> I always encourage people to write the patch and then sit on it over
> night and send it the next day.
>
> regards,
> dan carpenter
>
Yes I was about to send patch with kmalloc(sizeof(*hci) + sizeof(u8)).
Now I'll take your advice and send the patch tomorrow.

Thanks,
Amey

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [PATCH v3] staging: gdm724x: Fix DMA from stack

[Amey Narkhede]

[-- Attachment #1.1: Type: text/plain, Size: 2068 bytes --]

On 21/02/10 06:19PM, Dan Carpenter wrote:
> On Wed, Feb 10, 2021 at 08:31:33PM +0530, Amey Narkhede wrote:
> > On 21/02/10 03:55PM, Greg KH wrote:
> > > On Wed, Feb 10, 2021 at 07:55:12PM +0530, Amey Narkhede wrote:
> > > > Stack allocated buffers cannot be used for DMA
> > > > on all architectures so allocate hci_packet buffer
> > > > using kmalloc.
> > > >
> > > > Signed-off-by: Amey Narkhede <ameynarkhede03@gmail.com>
> > > > ---
> > > > Changes in v3:
> > > > 	- Remove superfluous buf pointer
> > > > 	- Reduce size of allocation of hci_packet to match number of
> > > > 	bytes used for DMA
> > > >
> > > >  drivers/staging/gdm724x/gdm_usb.c | 10 +++++++---
> > > >  1 file changed, 7 insertions(+), 3 deletions(-)
> > > >
> > > > diff --git a/drivers/staging/gdm724x/gdm_usb.c b/drivers/staging/gdm724x/gdm_usb.c
> > > > index dc4da66c3..80c58a3ef 100644
> > > > --- a/drivers/staging/gdm724x/gdm_usb.c
> > > > +++ b/drivers/staging/gdm724x/gdm_usb.c
> > > > @@ -56,20 +56,24 @@ static int gdm_usb_recv(void *priv_dev,
> > > >
> > > >  static int request_mac_address(struct lte_udev *udev)
> > > >  {
> > > > -	u8 buf[16] = {0,};
> > > > -	struct hci_packet *hci = (struct hci_packet *)buf;
> > > > +	struct hci_packet *hci;
> > > >  	struct usb_device *usbdev = udev->usbdev;
> > > >  	int actual;
> > > >  	int ret = -1;
> > > >
> > > > +	hci = kmalloc(5, GFP_KERNEL);
> > >
> > > Why "5" and not:
> > > 	hci = kmalloc(sizeof(*hci), GFP_KERNEL);
>
> 5 is correct and sizeof(*hci) is 4.  The hci struct ends in a zero
> element array.  You could do:
>
> 	hci = kmalloc(struct_size(hci, data, 1), GFP_KERNEL);
>
> I'm not sure it's more readable.  But you still will have to resend
> because the patch passes "&hci" to usb_bulk_msg() instead of "hci" so it
> will corrupt memory.
>
> I always encourage people to write the patch and then sit on it over
> night and send it the next day.
>
> regards,
> dan carpenter
>
Yes I was about to send patch with kmalloc(sizeof(*hci) + sizeof(u8)).
Now I'll take your advice and send the patch tomorrow.

Thanks,
Amey

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

[-- Attachment #2: Type: text/plain, Size: 169 bytes --]

_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel